############################### URL for upgrade from 2008 : 2019 ######

https://www.rebeladmin.com/2020/08/active-directory-migration-from-windows-server-2008-to-2019/

############################## dcpromo.exe wizard domains list err ####

https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/wizard-not-gain-access-to-
domain

ipconfig /registerdns " after adding A record for dns server in the dns server "

ipconfig /flushdns " at the promoted DC"

1. If your forest function level is 2003 and your domain function level is 2008, we should
raise forest function level from 2003 to 2008 first.
2. Then check SYSVOL replication type.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DFSR\
Parameters\SysVols\Migrating Sysvols\LocalState registry subkey. If this registry
subkey exists and its value is set to 3 (ELIMINATED), DFSR is being used. If the subkey
does not exist, or if it has a different value, FRS is being used.

Before we do any change in existing AD domain environment, we had better do:

1. Check if AD environment is healthy. Check all DCs in this domain is working fine by
running Dcdiag /v. Check if AD replication works properly by running repadmin
/showrepl and repadmin /replsum.
2. Back up all domain controllers.

3. Check both SYSVOL folder and Netlogon folder are shared by running net share on
each DC.
4. Check we can update gpupdate /force on each DC successfully.

After we ensure forest function level is 2008 and SYSVOL replication is DFSR replication type,
we can add one Windows server 2019 to the existing domain and promote is as a domain
controller.
Q2: I understand that the 2019 server schema needs to be upgraded. Is there a set of steps in
achieving this?
A2: For upgrading domain controller from lower operating system to higher operating system,
there are two methods:

Method 1 Perform an in-place upgrade of an existing domain controller to higher operating

system, in this way, we will need to run adprep /forestprep and adprep /domainprep
manually.
Method 2 Promote a new higher operating system of Windows server in the existing domain, you
do not need to run these manually.

However, we recommend we add new domain controller to the existing domain.

Adprep and Domainprep
If you are doing an in-place upgrade of an existing domain controller to the Windows Server
2016 operating system, you will need to run adprep /forestprep and adprep /domainprep
manually. Adprep /forestprep needs to be run only once in the forest. Adprep /domainprep
needs to be run once in each domain in which you have domain controllers that you are
upgrading to Windows Server 2016.
If you are promoting a new Windows Server 2016 server you do not need to run these manually.
These are integrated into the PowerShell and Server Manager experiences.

We can follow steps below to upgrade Window server 2008 R2 DC to Window server 2019 DC
after you raise forest functional level to 2008 successfully:

1. Check if AD environment is healthy. Check all DCs in this domain is working fine by
running Dcdiag /v. Check if AD replication works properly by running repadmin
/showrepl and repadmin /replsum.
2. Add the new Window server 2019 to this existing domain.
3. Add AD DS and DNS roles and promote this Windows server 2019 as a DC (as a GC).
4. Check if AD environment is healthy again based on step 1.
5. If step 1-step 4 is OK without any error. We can transfer FSMO roles to new 2019
DC if needed.
6. Based on “The 2008 R2 DC has DHCP on it as well.”, migrate DHCP to new server
if needed.
7. Demote Windows server 2008 R2 after migrating AD DS and DHCP role if needed.
Before we demote 2008 R2 DC, we should check:

If the removed DC was a DNS server, update the DNS client configuration on all member
workstations, member servers, and other DCs that might have used this DNS server for name
resolution. If it is required, modify the DHCP scope to reflect the removal of the DNS server.

If the removed DC was a DNS server, update the Forwarder settings and the Delegation settings
on any other DNS servers that might have pointed to the removed DC for name resolution.
As I mentioned in the reply last day, the minimum requirement to add a Windows Server 2019
Domain Controller is a Windows Server 2008 forest functional level. The domain also has to
use DFS-R as the engine to replicate SYSVOL.

new

We got 1 AD DC in our infrastructure. (Windows serve 2008 R2)

DC have such roles:

 AD DS
 AD CS
 NPS (which is not working currently)
 DNS

We need to either upgrade this server to 2019 or make a new server and transfer all roles to the
new server but we need to keep old server hostname un IP adress.

So how could i do this? I see two options:

1. Install new Windows Server 2019 and install AD DS role on that server;
2. Move NPS role to the new server;
3. Move FSMO roles;
4. On old server backup AD CS and then remove AD CS role;
5. On Old server Remove AD DS role demote the server and rename it and change IP
adress;
6. After old server restart, install ad ds role and promote this server to DC;
7. On new server remove AD DS role and demote server, change ip adress and
hostname to the OLD server;
8. After restart install AD DS role and promote to DC;
9. Install AD CS role on new server and restore from backup;
10. Remove old AD server.

Second option.

1. Install new Windows Server 2019 and install AD DS role on that server;
2. Move fsmo roles from old server;
3. Backup AD CS;
4. Remove AD CS;
5. Remove AD DS role frome old server and demote that server;
6. After restart install AD CS role and restore from backup;
6.Then in-place upgrade from 2008 R2 to 2012 R2;
7. Then in-place upgrade from 2012 R2 to 2019;
8. Install AD DS role back to the old server;
9. Transfer FSMO roles back to the old server;
10. Rise domain function level;
 11. Remove 2nd AD DS. (maybe)

Which one is the best option?

Thank you.

27 - ( FSMO Master Roles ) - Windows

Server 2019 - Arabic - By Mohamed Zohdy -
‫شرح كورس عربي‬

https://www.youtube.com/watch?v=iAeY_1_P55o